[SOLVED] many users has root password and how to find who did what
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I hope by this way we can achieve almost main concern of Question
Thanks for rehashing about everything I wrote here or in the posts I linked to.
Quote:
Originally Posted by sharadchhetri
@schneidz , appreciate you also pointed out good thing .
I already addressed /var/log/secure and equivalent in my second post.
Quote:
Originally Posted by sharadchhetri
and it is better to have something rather then nothing.
Given a correct understanding of the requirements and the way available tools match or not, the choice for selecting something less than the optimal simply becomes a question of competence.
Thanks for rehashing about everything I wrote here or in the posts I linked to.
I already addressed /var/log/secure and equivalent in my second post.
Given a correct understanding of the requirements and the way available tools match or not, the choice for selecting something less than the optimal simply becomes a question of competence.
I do agree "the choice for selecting something less than the optimal simply becomes a question of competence".
Tools are created by us,many bugs are opened and fixed. The method always need improvisation.New idea always be appreciated so that anyone can modify and make it better.We can not 100% judge it is less than optimal,they also have some advantages.
Awesome! it was very nice discussion and explanation by every participant in this post. I do really appreciate all, who spent some time to look in to the issue and explained. I will try using sudo, rootsh and the logging method suggested by sharadchhetri and then decide which one is good for my working environment. Of-course, I have to convince others as well
NP, you're welcome. After all helping is what we're here for.
Quote:
Originally Posted by KinnowGrower
Of course, I have to convince others as well
What matters is the reason for changing this. I mean that if you don't have the luck to be able to use say regulatory compliance as an argument then you only have company or institutions (network) policies if any, security best practices and increased cost of maintenance if the audit trail remains broken. So what you could do is quantify as you know that's what managers need to make a decision. If like you said it's a legacy thing then trying to wean users off bad habits will be met with resistance no matter what you do. What you could do is log all access, tally how different roles use the server and devise solutions that take away their common "ease of use" and related arguments.
We can not 100% judge it is less than optimal, they also have some advantages.
Maybe you can't but I can. Having had to reconstruct time lines from broken audit trails on compromised servers a couple of times taught me that. All I can do is try to pass what I've learned on to others.
Maybe you can't but I can. Having had to reconstruct time lines from broken audit trails on compromised servers a couple of times taught me that. All I can do is try to pass what I've learned on to others.
Thanks for sharing your questions and the loopholes you highlighted . It was really a good discussion. Securing the server and make robust auditing should always be in priority . loopholes are in almost all tool or method, we have to just fill it up and improvise it with our real time scenario problems.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
